Are two members required when using Windows WSL? Anyway around this?

For Windows hosts, I have two memberships - one for Windows and one for the WSL2 virtual machine. I suppose I would need additional memberships for any further WSL instances I add.

I use the Windows membership to the ZeroTier network mostly for outward bound connections to a proxy server on a cloud instance and I use the WSL membership for incoming SSH connections.

Is there any way around this? Is it possible to combine the two (or more) into just one membership which I can use for both the Windows host and the WSL2 virtual machine(s), with routing or port forwarding or something like that?

The WSL2 vm has the IP address on

I can ping the vm address from the Windows host that it’s running on and vice versa. I can ping a remote server on the ZeroTier network from the WSL2 host, but not the other way around.

In the ZeroTier web interface I have added a route to via, which is the ZeroTier address of the Windows host that WSL2 is running on but it’s not working.

What am I doing wrong?

Is there a particular reason you don’t want to run a second ZeroTier node on the WSL2 guest?

If you install a normal Linux ZT1 client package inside the WSL2 VM, you should be able to directly connect from the external host using the ZeroTier IP address. No need to route to your private network space ( at all…which is kind of the whole point. :slight_smile:

Thanks for replying.

I don’t want to run multiple zerotier nodes on the same laptop. I’ll be setting up multiple ephemeral WSL hosts once I have this setup and running.

I have ZeroTier built-in on my Mikrotik router, so this should work the same, with the Windows host being the router?

I have a route to the WSL network set in the ZT web interface:

There is a route to the WSL network in the Windows host:

F:\Users\jason>route print | grep         On-link   5256

So what is stopping me from being able to ping the WSL vm from a cloud instance on the ZT network?

Another thing - I have spent quite a lot of time on getting this setup already, having made a systemd service which updates the Windows host file on the Windows host with hostnames for ZeroTier members and WSL VMs. I just cannot get the routing working.

So I can’t be 100% certain, but it seems possible that your Windows host isn’t configured as a local router/gateway for the WSL2 virtual network.

To check, you could try pinging the private network address of your WSL2 guest from another, non-ZeroTier node on your LAN via a static route through the Windows host’s IP.

If that works, we can continue looking at the ZT config. If it fails, it would suggest you need to change your Hyper-V virtual switch configuration to enable routing and/or forwarding for the WSL2 guest.

I think your intuition re: “this is just like my Microtik” setup seems good, but the analogy requires that your Windows host be similarly configured to do routing + forwarding between the ZT interface and the local (Hyper-V) network, which AFAIK isn’t how WSL2 sets things up by default.

1 Like

I have managed to get it working by forwarding port 22 to the Windows host with this command:

netsh interface portproxy add v4tov4 listenport=22 listenaddress= connectport=22 connectaddress=[WSL IP address]

…and opening the Windows Firewall:

Invoke-Expression "New-NetFireWallRule -DisplayName 'WSL2 SSH IN' -Direction Inbound -LocalPort 22 -Action Allow -Protocol TCP"

Instead of routing to the WSL2 virtual machine I just use the ZeroTier address for the Windows host.

For DNS, I have been using my real domain with actual FQDN hostnames in /etc/hosts (manually added), but now I have automated it using scripts that use the ZeroTier API.

I am planning to add the ability to update Pi-Hole DNS servers with the DNS addresses once I have them set up.

Is this what other people do? I am not sure what most ZeroTier users use for DNS. Cheers.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.